/*********************************************************
 * Copyright (C) 2008-2015 VMware, Inc. All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License as published
 * by the Free Software Foundation version 2.1 and no later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the Lesser GNU General Public
 * License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA.
 *
 *********************************************************/

/*
 * wrapper.c --
 *
 *      Platform specific code for the VMware User Agent setuid wrapper.
 */

#include <sys/mount.h>
#include <sys/param.h>
#include <sys/utsname.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/wait.h>

#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include "vmware.h"
#include "wrapper.h"


/*
 * Global functions
 */


#ifdef USES_LOCATIONS_DB
/*
 *-----------------------------------------------------------------------------
 *
 * BuildExecPath --
 *
 *      Determine & return path of vmware-user for use by execve(2).
 *
 * Results:
 *      TRUE on success, FALSE otherwise
 *
 * Side effects:
 *      None.
 *
 *-----------------------------------------------------------------------------
 */

Bool
BuildExecPath(char *execPath,           // OUT: Buffer to store executable's path
              size_t execPathSize)      // IN : size of execPath buffer
{
   char tmpPath[MAXPATHLEN];
   int execLen;

   /*
    * The locations database is the only path that's fixed, and it contains the
    * paths to all the other paths selected during Tools configuration.  The
    * locations database file is only writable by root, so we can trust it.
    */
   if (!QueryLocationsDB(LOCATIONS_PATH, QUERY_SBINDIR, tmpPath, sizeof tmpPath)) {
      Error("could not obtain SBINDIR\n");
      return FALSE;
   }

   if (strlen(tmpPath) + strlen("/vmtoolsd") + 1 > sizeof tmpPath) {
      Error("could not construct program filename\n");
      return FALSE;
   }
   strcat(tmpPath, "/vmtoolsd");

   /*
    * From readlink(2), "The readlink() system call does not append a NUL
    * character to buf."  (NB:  This breaks if user ever replaces the symlink
    * with the target.)
    */
   if ((execLen = readlink(tmpPath, execPath, execPathSize - 1)) == -1) {
      Error("could not resolve symlink: %s\n", strerror(errno));
      return FALSE;
   }

   execPath[execLen] = '\0';

   /*
    * Now make sure that the target is actually part of our "trusted"
    * directory.  (Check that execPath has LIBDIR as a prefix and does
    * not contain "..".)
    */
   if (!QueryLocationsDB(LOCATIONS_PATH, QUERY_LIBDIR, tmpPath,
                         sizeof tmpPath)) {
      Error("could not obtain LIBDIR\n");
      return FALSE;
   }

   if ((strncmp(execPath, tmpPath, strlen(tmpPath)) != 0) ||
       (strstr(execPath, "..") != NULL)) {
      Error("vmware-user path untrusted\n");
      return FALSE;
   }

   return TRUE;
}
#endif // ifdef USES_LOCATIONS_DB


/*
 *----------------------------------------------------------------------------
 *
 * CompatExec --
 *
 *      Simple platform-dependent execve() wrapper.
 *
 * Results:
 *      False.
 *
 * Side effects:
 *      This function may not return.
 *
 *----------------------------------------------------------------------------
 */

Bool
CompatExec(const char *path,    // IN: path to executable
           char * const argv[], // IN: argument vector (see execve)
           char * const envp[]) // IN: environment vector (see execve)
{
   execve(path, argv, envp);
   return FALSE;
}
